Age | Commit message (Collapse) | Author | Files | Lines |
|
session
setups on its way to open a pipe. This gets rid of many round-trips to the
LDAP server during logon by setting up the server_info_guest once and not
asking the LDAP server and nss every time. Make sure that the ldap connection
is reopened in the child. (I did not look at the sql backends.)
Volker
(This used to be commit 3298f6105e6a88c9390cac02245c8f2eee1e5046)
|
|
stolen from samba4 ... ;-)
Volker
(This used to be commit b111bb46afc247e034a11e953b9d243cde69cc07)
|
|
memory cache associated with open printer handles; also make sure that register_messages_flags() doesn't overwrite the originally registers flags
(This used to be commit 540daf71d8ad189af5dd6d45aa1ce2b3d67da752)
|
|
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
Andrew Bartlett
(This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
|
|
then is the client supports it (current clients supported are Samba and
CIFSVFS - detected by the negprot strings "Samba", "POSIX 2" and a bare
"NT LM 0.12" string) then the setting of the per packet flag smb_flag
FLAG_CASELESS_PATHNAMES is taken into account per packet. This allows
the linux CIFS client to use Samba in a case sensitive manner.
Additional command in smbclient "case_sensitive", toggles the
flag in subsequent packets.
Docs to follow.
Jeremy.
(This used to be commit cf84c0fe1a061acc0313f7db124b8f947cdf623d)
|
|
update process and allow printers to have different sharenames from printernames
(This used to be commit 066b9c4276a968788a03709a00d4f672ac032df7)
|
|
Jeremy.
(This used to be commit ea41d694270264557f740cd40ccc69b4acaa57e9)
|
|
error after select() returns true. (See accept man page on Linux). Patch from
rabies@meep.org (Richard Garnish).
Jeremy.
(This used to be commit 6ca158291cf1f533ef18b542c84f22e9780c0966)
|
|
I've now tested this in daemon mode and also on xinetd and I'm pretty
sure it's working.
Jeremy.
(This used to be commit 14dee038019b11300466b148c53515fc76e5e870)
|
|
* remove corrupt tdb and shutdown (only for printing tdbs, connections,
sessionid & locking)
* decrement smbd counter in connections.tdb in smb_panic()
* various Makefile hack to get things to link
'max smbd processes' looks like it might be broken. The counter KEY is not
being set. Will look into that tomorrow.
(This used to be commit 6e22c5da929b6d9a4e32dc704c83112b2ad8fcfd)
|
|
Andrew Bartlett
(This used to be commit 25a09004e8a51eb3192adbb580239427bfee0ec9)
|
|
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c
(These should perhaps be pulled back out to smbpasswd.c, but that can occour
later).
Andrew Bartlett
(This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
|
|
metze
(This used to be commit 12d6bc3bd0684646e990c2fc6485fe1a92ac98fb)
|
|
get_peer_name. This is to get closer to the getsockname/getpeername system
functions.
Next step will be the %i macro for the local IP address. I still want to play
%L-games in times of port 445.
Volker
(This used to be commit d7162122eaf5d897e5de51604e431bfbaa20e905)
|
|
backlog of 5 is way too small these days.
(This used to be commit bbb92d2b0ea6bc10c71bed62924bfc95c11172a5)
|
|
(This used to be commit ae452e51b02672a56adf18aa7a7e365eeaba9272)
|
|
available. Removed extra auth_init (thanks metze).
Jeremy.
(This used to be commit 88135fbc4998c266052647f8b8e437ac01cf50ae)
|
|
* remove idmap_XX_to_XX calls from smbd. Move back to the
the winbind_XXX and local_XXX calls used in 2.2
* all uid/gid allocation must involve winbindd now
* move flags field around in winbindd_request struct
* add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id()
to prevent automatic allocation for unknown SIDs
* add 'winbind trusted domains only' parameter to force a domain member
server to use matching users names from /etc/passwd for its domain
(needed for domain member of a Samba domain)
* rename 'idmap only' to 'enable rid algorithm' for better clarity
(defaults to "yes")
code has been tested on
* domain member of native mode 2k domain
* ads domain member of native mode 2k domain
* domain member of NT4 domain
* domain member of Samba domain
* Samba PDC running winbindd with trusts
Logons tested using 2k clients and smbclient as domain users
and trusted users. Tested both 'winbind trusted domains only = [yes|no]'
This will be a long week of changes. The next item on the list is
winbindd_passdb.c & machine trust accounts not in /etc/passwd (done
via winbindd_passdb)
(This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
|
|
We now always read the Domain SID out of LDAP. If the local secrets.tdb
is ever different to LDAP, it is overwritten out of LDAP. We also
store the 'algorithmic rid base' into LDAP, and assert if it changes.
(This ensures cross-host synchronisation, and allows for possible
integration with idmap). If we fail to read/add the domain entry, we just
fallback to the old behaviour.
We always use an existing DN when adding IDMAP entries to LDAP, unless
no suitable entry is available. This means that a user's posixAccount
will have a SID added to it, or a user's sambaSamAccount will have a UID
added. Where we cannot us an existing DN, we use
'sambaSid=S-x-y-z,....' as the DN.
The code now allows modifications to the ID mapping in many cases.
Likewise, we now check more carefully when adding new user entires to LDAP,
to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount
onto the idmap entry for that user, if it is already established (ensuring
we do not duplicate sambaSid entries in the directory).
The allocated UID code has been expanded to take into account the space
between '1000 - algorithmic rid base'. This much better fits into what
an NT4 does - allocating in the bottom part of the RID range.
On the code cleanup side of things, we now share as much code as
possible between idmap_ldap and pdb_ldap.
We also no longer use the race-prone 'enumerate all users' method for
finding the next RID to allocate. Instead, we just start at the bottom
of the range, and increment again if the user already exists. The first
time this is run, it may well take a long time, but next time will just
be able to use the next Rid.
Thanks to metze and AB for double-checking parts of this.
Andrew Bartlett
(This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
|
|
This is the first part of the fix that at least allows configure to
walk the list of supplied locations where libiconv etc might be found.
aclocal.m4 also needs a fix, as does a later test.
(This used to be commit 20786543139c546d112f8f6b6d4d796ee7fed609)
|
|
idmap backend is specified cause smbd to ask winbindd (use winbindd if
you want a consistant remote backend solution).
Should work well enough for next beta now...
Jeremy.
(This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
|
|
This replaces the universal group caching code (was originally
based on that code). Only applies to the the RPC code.
One comment: domain local groups don't show up in 'getent group'
that's easy to fix.
Code has been tested against 2k domain but doesn't change anything
with respect to NT4 domains.
netsamlogon caching works pretty much like the universal group
caching code did but has had much more testing and puts winbind
mostly back in sync between branches.
(This used to be commit aac01dc7bc95c20ee21c93f3581e2375d9a894e1)
|
|
- Use absolute directories for $builddir and $srcdir in the Makefile
- Don't try and combine source files in $builddir and $srcdir to build
proto.h. It's just too hard to get it right across all targets we
wish to compile on. Use a hand created prototype for the single
function in smbd/build_options.c that we need. This allows us to ditch
all the extra sed work that was causing problems: \t not portable - hah!
- Fix bogus delheaders target to remove the correct files
This appears to work quite nicely now. Let's see how it goes on the
buildfarm machines.
(This used to be commit 456184463d35c18840c39cb3483b7136247ea764)
|
|
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
(This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
|
|
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
|
|
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
(This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
|
|
(This used to be commit 3033a63cefb5f28d4460885f7f4e4ecaed95443c)
|
|
This includes the 'SIDs Rule' patch, mimir's trusted domains cacheing code,
the winbind_idmap abstraction (not idmap proper, but the stuff that held up
the winbind LDAP backend in HEAD).
Andrew Bartlett
(This used to be commit d4d5e6c2ee6383c6cceb5d449aa2ba6c83eb0666)
|
|
(This used to be commit c7a1de090db35835be1a1623bfc80c04065c5dd9)
|
|
- debugging tdb messages now initialised and handled in lib/messages.c
(This used to be commit 380875de779f2519d9ce8735362484021388b4eb)
|
|
(This used to be commit 98e84b3e83d2a365c818ea64f9418edb29d690f2)
|
|
(This used to be commit 0751d2f117b4274dd19388d856de75d9fc739865)
|
|
'set_local_machine_name' so that the client can't change it from under us.
(.NET RC2 and WinXP install calls the machine 'machinename' during NTLMSSP
on the domain join).
Andrew Bartlett
(This used to be commit 4c7163e7c2cc09bd95faa05156ee480957a7a4d8)
|
|
Jeremy.
(This used to be commit be54b1b831b0bd6c428558131ea600c46433c090)
|
|
messages. Stops build-up of large numbers of smbd's waiting to terminate
on large print throughput.
Jeremy.
(This used to be commit 07efebb98473cb3d4adc6b2e0afef3f06dcc99b8)
|
|
(This used to be commit 5d821c0e23f96f4da6a29a6bebf800532fcf1aa6)
|
|
so that bin/vfstest can link. merge from head
(This used to be commit 9151cd7d64a1ee1277cbcfb3e7ed61c32c1037cf)
|
|
fails.
Jeremy.
(This used to be commit e0482594724ebba801bbc39a90a73fafa54f8b9e)
|
|
(This used to be commit a8db1b611d83bfd8dcf60f1e6d8fcbf57c798528)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
named. Ensure we can query them.
Jeremy.
(This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
|
|
(This used to be commit 1175b62337f5c29954cd5e8dfdc2327c9c80748c)
|
|
Jeremy.
(This used to be commit 6efd17ef78ebcfed1130312fa019d674e4663a00)
|
|
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
|
|
(This used to be commit 42615b945e2e48e53a21ea47f2e45407913a6a1e)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
mangling implementation, selectable using "mangling method = " in smb.conf
It also tidies the interface a little, although it is still nasty.
(This used to be commit be23d87a178e7d0691e7d942adf89bb3d2d533c2)
|
|
Even for a hash/cache setup, this code needs some more work, in particular
it needs to use mangle_get_prefix() etc and to move to unicode internals.
Andrew Bartlett
(This used to be commit ad8aa470575c39fcbc7f1440bf1081d7ea31c0aa)
|
|
J.F.
(This used to be commit 51a5bbfee71e064c73283a090e9e922a31b1e21b)
|